On 10/22/2013 01:09 PM, Rick "Zero_Chaos" Farina wrote:
> 4.0 Selinux
> 5.0 System Integrity
> 6.0 Profile
> I'd like to specifically discuss bringing back the desktop profile by
> user request.
The old desktop/server/developer profiles were removed for a good
reason. They cannot stack properly given their directory location and
conflicting inheritance requirements. We cannot bring them back as they
were else we will re-introduce the ancient multilib vs non-multilib
selinux issue in one manifestation or another.
Nonetheless, I think a desktop profile for hardened is possible along
the lines of what was done for selinux, i.e. put it in features. Only if
the desktop profile lands at the very bottom of the profile stack will
this work. Alternatively, you can duplicate the desktop profile from
default/linux in hardened/linux and do a simple inheritance from its
parent. This "duplication" would really not be much of a duplication
because there's probably stuff you want to tweak for your own purposes.
I was going to remove those deprecated directories today, but I can hold
off. To be clear, I'm not against a hardened desktop profile, just not
the implementation we had which was broken.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA